[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ungoogled-chromium aborts on foreign distro via LTSP (Linux Terminal
From: |
Marius Bakke |
Subject: |
Re: ungoogled-chromium aborts on foreign distro via LTSP (Linux Terminal Server Project) |
Date: |
Sun, 12 Jan 2020 00:27:32 +0100 |
User-agent: |
Notmuch/0.29.3 (https://notmuchmail.org) Emacs/26.3 (x86_64-pc-linux-gnu) |
Giovanni Biscuolo <address@hidden> writes:
> if I run the last ungoogled-chromium Guix version in my terminal session
> [1] on a Debian 10 server, I get SIGABRT:
>
> --8<---------------cut here---------------start------------->8---
> [14913:14913:0110/113833.689067:FATAL:zygote_host_impl_linux.cc(116)] No
> usable sandbox! Update your kernel or see
> https://chromium.9oo91esource.qjz9zk/chromium/src/+/master/docs/linux_suid_sandbox_development.md
> for more information on developing with the SUID sandbox. If you want to
> live dangerously and need an immediate workaround, you can try using
> --no-sandbox.
> #0 0x561fb4b09f09 base::debug::CollectStackTrace()
>
> Received signal 6
> #0 0x561fb4b09f09 base::debug::CollectStackTrace()
> r8: 0000000000000000 r9: 00007ffc91ca6500 r10: 0000000000000008 r11:
> 0000000000000246
> r12: 00007ffc91ca7750 r13: 0000000000000170 r14: 00007ffc91ca7910 r15:
> 00007ffc91ca6780
> di: 0000000000000002 si: 00007ffc91ca6500 bp: 00007ffc91ca6740 bx:
> 0000000000000006
> dx: 0000000000000000 ax: 0000000000000000 cx: 00007fee29c227fa sp:
> 00007ffc91ca6578
> ip: 00007fee29c227fa efl: 0000000000000246 cgf: 002b000000000033 erf:
> 0000000000000000
> trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
> [end of stack trace]
> Calling _exit(1). Core file will not be generated.
> --8<---------------cut here---------------end--------------->8---
>
> If I run ungoogled-chromium with --no-sandbox it works, but I'd like not
> to browse with the sandbox off (I'm going to study how to run my
> browsers in a guix container, but it't not the solution AFAIU)
>
> The same updated version of ungoogled-chromium from Guix on a Debian 10
> laptop does not have this problem, so it's specific to the LTSP
> environment I guess
>
> The chromium binary from Debian 10 on the same LTSP environment does not
> have the same problem, it works
>
> Any suggestion on where to look for problems here, please?
The (ungoogled-) Chromium sandbox relies on user namespaces support in
the kernel. I guess `guix environment -C` does not work either?
Debian disables user namespaces by default, try this command to enable
it:
sudo sysctl -w kernel.unprivileged_userns_clone=1
signature.asc
Description: PGP signature